Veeam, a global leader in data protection and disaster recovery solutions, has issued a critical security update for its flagship product, Veeam Backup & Replication, patching three vulnerabilities, one of which could allow remote code execution (RCE) by authenticated users.
The most severe of the three vulnerabilities, CVE-2025-23121, received a near-maximum CVSS score of 9.9. This vulnerability allows an authenticated domain user to execute arbitrary code on the Backup Server, potentially compromising backup integrity and enabling lateral movement across enterprise networks.
“A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user,” the advisory explains. This flaw affects Veeam Backup & Replication 12.3.1.1139 and all earlier version 12 builds, and has been resolved in the 12.3.2.3617 release.
The second vulnerability, CVE-2025-24286, affects the Backup Operator role, which is commonly assigned to delegated admins. The flaw allows such users to modify backup jobs in a way that can lead to arbitrary code execution under certain conditions.
Though less severe than the RCE flaw, this vulnerability still presents a significant risk in multi-user administrative environments. Like the first issue, it is patched in version 12.3.2.3617.
The third vulnerability, CVE-2025-24287, was found in Veeam Agent for Microsoft Windows, a component bundled with the main Veeam Backup suite. The flaw enables local users to tamper with directory contents, possibly leading to elevated code execution on the system.
This issue impacts version 6.3.1.1074 and earlier and is fixed in Veeam Agent 6.3.2.1205.
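As an added example (not the article's or Veeam's own code), a small Python check that compares installed build numbers against the affected and fixed builds listed above; the host inventory is constructed for illustration, and the ranges come only from this advisory.

```python
# Added example: flag Veeam builds against the affected/fixed builds stated in the advisory.
from typing import Dict, Optional, Tuple

Version = Tuple[int, ...]

def parse_version(s: str) -> Version:
    """'12.3.1.1139' -> (12, 3, 1, 1139) so comparison is numeric, not lexical."""
    return tuple(int(p) for p in s.strip().split("."))

# product -> (CVE ids, major line the advisory covers, last affected build, first fixed build)
ADVISORY = {
    "Veeam Backup & Replication": ("CVE-2025-23121, CVE-2025-24286", 12, "12.3.1.1139", "12.3.2.3617"),
    "Veeam Agent for Microsoft Windows": ("CVE-2025-24287", 6, "6.3.1.1074", "6.3.2.1205"),
}

def assess(product: str, installed: str) -> Optional[str]:
    """Return 'affected', 'unpatched', 'patched', or None if the major line is not covered."""
    _cves, major, last_bad, fixed = ADVISORY[product]
    v = parse_version(installed)
    if v[0] != major:
        return None            # advisory says nothing about this major line; check separately
    if v >= parse_version(fixed):
        return "patched"
    if v <= parse_version(last_bad):
        return "affected"
    return "unpatched"         # newer than the last listed affected build, but below the fix

# Constructed sample inventory (hostname, product, build); not real hosts.
INVENTORY = [
    ("bkp-01", "Veeam Backup & Replication", "12.3.1.1139"),
    ("bkp-02", "Veeam Backup & Replication", "12.3.2.3617"),
    ("bkp-03", "Veeam Backup & Replication", "12.3.1.999"),   # string compare would call this newer
    ("ws-07", "Veeam Agent for Microsoft Windows", "6.3.1.1074"),
    ("ws-08", "Veeam Agent for Microsoft Windows", "6.3.2.1205"),
]

def report(inventory=INVENTORY) -> Dict[str, Optional[str]]:
    """Map each host to its patch status."""
    return {host: assess(product, build) for host, product, build in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host}: {status}")
```

Build numbers with a fourth component longer than three digits are the case where a plain string comparison misorders versions, which is why the check converts each component to an integer first.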